fnv/core verifier

.gitignore

@@ -14,3 +14,4 @@ mithril-infra/.terraform*
 mithril-infra/terraform.tfstate*
 mithril-infra/*.tfvars
 justfile
+

mithril-stm/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.3.0 (10-08-2023)
+### Added
+- Added `Coreverifier` struct and its functionalities to cover signature procedure for a full node.
+- Adapted existing functionality to inherit from a more generic structure `Coreverifier`.
+- Added tests for core verification.
+
 ## 0.2.5 (15-03-2023)
 ### Added
 - Included helper functions for unsafe code
@@ -14,7 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## 0.2.0 (16-12-2022)
 ### Changed
-- Addapted the `Signature` struct, so that it does not contain the verification key and
+- Adapted the `Signature` struct, so that it does not contain the verification key and
   the stake, as these values are not required. 
 
 ## 0.1.0 (05-12-2022)

mithril-stm/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name    = "mithril-stm"
-version = "0.2.20"
+version = "0.3.0"
 edition = { workspace = true }
 authors = { workspace = true }
 documentation = { workspace = true }

mithril-stm/README.md

@@ -9,12 +9,16 @@
 * We implemented the concatenation proof system as batch proofs:
   * Individual signatures do not contain the Merkle path to prove membership of the avk. Instead, it is the role of the aggregator to generate such proofs. This allows for a more efficient implementation of batched membership proofs (or batched Merkle paths).
 * Protocol documentation is given in [Mithril Protocol in depth](https://mithril.network/doc/mithril/mithril-protocol/protocol/).
+* The API also includes *core verification*. This functionality allows a full node verifier (`CoreVerifier`) that is 
+  able to verify the signatures that are generated without the registration information, i.e., `avk`. A 
+  `CoreVerifier` is assumed to know identities of the signers, so, it does not need to check the registration. 
 
 
 * This library provides:
     * The implementation of the Stake-based Threshold Multisignatures
+    * The implementation of `CoreVerifier`
     * Key registration procedure for STM signatures
-    * The tests for the library functions and STM scheme
+    * The tests for the library functions, STM scheme, and `CoreVerifier`
     * Benchmark tests
 
 ## Pre-requisites
@@ -117,7 +121,8 @@ fn main() {
 
     // Check all parties can verify every sig
     for (s, p) in sigs.iter().zip(ps.iter()) {
-        assert!(s.verify(&params, &p.verification_key(), &p.get_stake(), &avk, &msg).is_ok(), "Verification failed");
+        assert!(s.verify(&params, &p.verification_key(), &p.get_stake(), &avk, &msg).is_ok(), "Verification 
+        failed");
     }
 
     // Aggregate with random parties

mithril-stm/benches/size_benches.rs

@@ -4,7 +4,10 @@ use blake2::{
     Blake2b, Digest,
 };
 use mithril_stm::key_reg::KeyReg;
-use mithril_stm::stm::{StmClerk, StmInitializer, StmParameters, StmSig, StmSigner};
+use mithril_stm::stm::{
+    CoreVerifier, Stake, StmClerk, StmInitializer, StmParameters, StmSig, StmSigRegParty,
+    StmSigner, StmVerificationKey,
+};
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use rayon::iter::ParallelIterator;
@@ -60,6 +63,70 @@ where
     );
 }
 
+fn core_size<H>(k: u64, m: u64, nparties: usize)
+where
+    H: Digest + Clone + Sync + Send + Default + FixedOutput,
+{
+    let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+    let mut msg = [0u8; 16];
+    rng.fill_bytes(&mut msg);
+
+    let mut public_signers: Vec<(StmVerificationKey, Stake)> = Vec::with_capacity(nparties);
+    let mut initializers: Vec<StmInitializer> = Vec::with_capacity(nparties);
+
+    let parties = (0..nparties)
+        .map(|_| 1 + (rng.next_u64() % 9999))
+        .collect::<Vec<_>>();
+
+    let params = StmParameters { k, m, phi_f: 0.2 };
+
+    for stake in parties {
+        let initializer = StmInitializer::setup(params, stake, &mut rng);
+        initializers.push(initializer.clone());
+        public_signers.push((initializer.verification_key().vk, initializer.stake));
+    }
+
+    let core_verifier = CoreVerifier::setup(&public_signers);
+
+    let signers: Vec<StmSigner<H>> = initializers
+        .into_iter()
+        .filter_map(|s| s.new_core_signer(&core_verifier.eligible_parties))
+        .collect();
+
+    let mut signatures: Vec<StmSig> = Vec::with_capacity(nparties);
+    for s in signers {
+        if let Some(sig) = s.core_sign(&msg, core_verifier.total_stake) {
+            signatures.push(sig);
+        }
+    }
+
+    let sig_reg_list = signatures
+        .iter()
+        .map(|sig| StmSigRegParty {
+            sig: sig.clone(),
+            reg_party: core_verifier.eligible_parties[sig.signer_index as usize],
+        })
+        .collect::<Vec<StmSigRegParty>>();
+
+    let dedup_sigs = CoreVerifier::dedup_sigs_for_indices(
+        &core_verifier.total_stake,
+        &params,
+        &msg,
+        &sig_reg_list,
+    )
+    .unwrap();
+
+    let mut size_sigs: usize = 0;
+    for sig in dedup_sigs {
+        size_sigs += sig.to_bytes().len();
+    }
+
+    println!(
+        "k = {} | m = {} | nr parties = {}; {} bytes",
+        k, m, nparties, size_sigs,
+    );
+}
+
 fn main() {
     println!("+-------------------+");
     println!("|   Size of proofs  |");
@@ -72,4 +139,14 @@ fn main() {
         size::<Blake2b<U64>>(k, m, nparties, "Blake2b 512");
         size::<Blake2b<U32>>(k, m, nparties, "Blake2b 256");
     }
+
+    println!("\n+-------------------------+");
+    println!("| Size of core signatures |");
+    println!("+-------------------------+");
+    println!("+-------------------------+");
+
+    for (k, m, nparties) in params {
+        core_size::<Blake2b<U64>>(k, m, nparties);
+    }
+    println!("+-------------------------+");
 }

mithril-stm/benches/stm.rs

@@ -2,7 +2,10 @@ use blake2::digest::{Digest, FixedOutput};
 use blake2::{digest::consts::U32, Blake2b};
 use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
 use mithril_stm::key_reg::KeyReg;
-use mithril_stm::stm::{StmAggrSig, StmClerk, StmInitializer, StmParameters, StmSigner};
+use mithril_stm::stm::{
+    CoreVerifier, Stake, StmAggrSig, StmClerk, StmInitializer, StmParameters, StmSigner,
+    StmVerificationKey,
+};
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use rayon::prelude::*;
@@ -144,6 +147,56 @@ fn batch_benches<H>(
     }
 }
 
+fn core_verifier_benches<H>(c: &mut Criterion, nr_parties: usize, params: StmParameters)
+where
+    H: Clone + Debug + Digest + Send + Sync + FixedOutput + Default,
+{
+    let mut group = c.benchmark_group("Core verifier");
+    let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+    let mut msg = [0u8; 16];
+    rng.fill_bytes(&mut msg);
+
+    let mut public_signers: Vec<(StmVerificationKey, Stake)> = Vec::with_capacity(nr_parties);
+    let mut initializers: Vec<StmInitializer> = Vec::with_capacity(nr_parties);
+
+    let param_string = format!(
+        "k: {}, m: {}, nr_parties: {}",
+        params.k, params.m, nr_parties
+    );
+
+    let stakes = (0..nr_parties)
+        .map(|_| 1 + (rng.next_u64() % 9999))
+        .collect::<Vec<_>>();
+
+    for stake in stakes {
+        let initializer = StmInitializer::setup(params, stake, &mut rng);
+        initializers.push(initializer.clone());
+        public_signers.push((initializer.verification_key().vk, initializer.stake));
+    }
+
+    let core_verifier = CoreVerifier::setup(&public_signers);
+
+    let signers: Vec<StmSigner<H>> = initializers
+        .into_iter()
+        .filter_map(|s| s.new_core_signer(&core_verifier.eligible_parties))
+        .collect();
+
+    group.bench_function(BenchmarkId::new("Play all lotteries", &param_string), |b| {
+        b.iter(|| {
+            signers[0].core_sign(&msg, core_verifier.total_stake);
+        })
+    });
+
+    let signatures = signers
+        .par_iter()
+        .filter_map(|p| p.core_sign(&msg, core_verifier.total_stake))
+        .collect::<Vec<_>>();
+
+    group.bench_function(BenchmarkId::new("Core verification", &param_string), |b| {
+        b.iter(|| core_verifier.verify(&signatures, &params, &msg))
+    });
+}
+
 fn batch_stm_benches_blake_300(c: &mut Criterion) {
     batch_benches::<Blake2b<U32>>(
         c,
@@ -171,6 +224,18 @@ fn stm_benches_blake_300(c: &mut Criterion) {
     );
 }
 
+fn core_verifier_benches_blake_300(c: &mut Criterion) {
+    core_verifier_benches::<Blake2b<U32>>(
+        c,
+        300,
+        StmParameters {
+            m: 150,
+            k: 25,
+            phi_f: 0.2,
+        },
+    );
+}
+
 fn batch_stm_benches_blake_2000(c: &mut Criterion) {
     batch_benches::<Blake2b<U32>>(
         c,
@@ -198,9 +263,23 @@ fn stm_benches_blake_2000(c: &mut Criterion) {
     );
 }
 
+fn core_verifier_benches_blake_2000(c: &mut Criterion) {
+    core_verifier_benches::<Blake2b<U32>>(
+        c,
+        2000,
+        StmParameters {
+            m: 1523,
+            k: 250,
+            phi_f: 0.2,
+        },
+    );
+}
+
 criterion_group!(name = benches;
                  config = Criterion::default().nresamples(1000);
                  targets =
+    core_verifier_benches_blake_300,
+    core_verifier_benches_blake_2000,
     stm_benches_blake_300,
     stm_benches_blake_2000,
     batch_stm_benches_blake_300,